Perceptual ad-blocking is a novel approach that detects online advertisements based on their visual content. Compared to traditional filter lists, the use of perceptual signals is believed to be less prone to an arms race with web publishers and ad networks. We demonstrate that this may not be the case. We describe attacks on multiple perceptual ad-blocking techniques, and unveil a new arms race that likely disfavors ad-blockers. Unexpectedly, perceptual ad-blocking can also introduce new vulnerabilities that let an attacker bypass web security boundaries and mount DDoS attacks. We first analyze the design space of perceptual ad-blockers and present a unified architecture that incorporates prior academic and commercial work. We then explore a variety of attacks on the ad-blocker's detection pipeline, that enable publishers or ad networks to evade or detect ad-blocking, and at times even abuse its high privilege level to bypass web security boundaries. On one hand, we show that perceptual ad-blocking must visually classify rendered web content to escape an arms race centered on obfuscation of page markup. On the other, we present a concrete set of attacks on visual ad-blockers by constructing adversarial examples in a real web page context. For seven ad-detectors, we create perturbed ads, ad-disclosure logos, and native web content that misleads perceptual ad-blocking with 100% success rates. In one of our attacks, we demonstrate how a malicious user can upload adversarial content, such as a perturbed image in a Facebook post, that fools the ad-blocker into removing another users' non-ad content. Moving beyond the Web and visual domain, we also build adversarial examples for AdblockRadio, an open source radio client that uses machine learning to detects ads in raw audio streams.
翻译:感知性阻塞是一种新颖的方法,它根据视觉内容检测在线广告。 与传统的过滤清单相比, 感知性信号的使用被认为不太容易与网络出版商和广告网络进行军备竞赛。 我们证明情况可能并非如此。 我们描述对多种感知性阻塞技术的攻击, 并揭开一种可能不利于阻塞者的新军备竞赛。 意外地, 感知性阻塞还可能带来新的弱点, 让攻击者绕过网络安全边界, 并登上DDoS攻击。 我们首先分析视觉性阻塞器的设计空间, 并展示一个包含先前学术和商业工作的统一架构。 我们随后探索了对阻塞者检测管道的多种攻击, 使出版者或广告网络能够躲避或探测阻塞, 有时甚至滥用其高度特权水平绕过网络安全边界。 一方面, 感知性阻塞性阻塞性能让网络内容摆脱了在读取感性广告内容上的激烈竞争, 并且我们用真实的纸质性标本进行网络攻击。 在另一处, 我们用视觉性平面的图像上, 设置了一种真实的硬拷贝性攻击。